The present invention relates generally to the field of ad-hoc network implementation. More particularly, the present invention relates to systems and methods for implementing a certifier hierarchy for a public key infrastructure in an ad-hoc network.
An ad-hoc network is a cooperative engagement of a collection of mobile nodes without the required intervention of any centralized access point or existing infrastructure. Decentralization of the certification architecture, although increasing robustness to changes in connectivity and mobility, creates difficulties in implementing a centralized certifier hierarchy for a public key infrastructure.
In public key cryptography, a public key infrastructure (PKI) is an arrangement which provides for third-party vetting of, and vouching for, user identities. It also provides a binding of public keys to user identities. This is usually carried out by software at a central location together with other coordinated software at distributed locations. The public keys are typically embodied in certificates.
Traditional use of PKI assumes a fixed network architecture. In the fixed network, nodes that fill the role of certificate authority are manually placed in an organization for efficient distribution of certificates throughout the network. This distribution normally uses a hierarchical collection of certifiers dispersed throughout the network to create and distribute certificates to members of the network. Accordingly, users seeking access to the PKI are manually configured with knowledge of the most appropriate certificate authority.
The traditional PKI does not perform well in an ad-hoc environment. The mobility of nodes within the network makes preconfigured access to certificate authorities inefficient and does not guarantee a node connectivity to its assigned certificate authority. If the PKI scheme is used for network management and access control, variable network conditions caused by node mobility may require the rights delegated to certificate sub-authorities to vary as well. Further, use of a single certifier creates a single point of failure and a possible traffic bottleneck in a low-bandwidth tactical environment.
Accordingly, there is a need for a system and method configured to implement network management and access control within an ad-hoc network. Yet further, there is a need for such a process to be implemented such that authentication certifiers are organized in a hierarchical tree. There is further a need for such system and method wherein each certifier in the hierarchical tree is configured to be able to create a child certifier. Yet further, there is a need for such a system and method wherein a child certifier node may be configured to receive up to the same certification and other rights allocated to the parent certifier node.
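As an added illustration, not part of the patent's specification, the certifier tree described above can be modelled with standard X.509 fields: a node's "certification rights" as the basicConstraints pathLenConstraint (how many further certifier levels it may create) and its "other rights" as extended key usages. The Go program below uses only the standard library with Ed25519 keys. Each certifier may create a child with at most its own rights, and a relying party's chain validation rejects a child that oversteps those rights even when the issuance-time check is bypassed. The names Certifier, Template, Sign, Issue, Holds and Verify, the subject names, and the mapping of rights onto pathLenConstraint and extended key usage are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Certifier is one node of the certifier tree: its certificate and signing key.
// All type and function names in this file are illustrative assumptions.
type Certifier struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}

// Template expresses a node's rights as X.509 fields: IsCA (may it certify at all),
// MaxPathLen (further certifier levels it may create; >= 0 for certifiers) and
// ExtKeyUsage (which member uses it may vouch for). Serials are random 62-bit values.
func Template(name string, isCA bool, maxPathLen int, usages []x509.ExtKeyUsage) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	t := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: usages, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
		t.MaxPathLen, t.MaxPathLenZero = maxPathLen, maxPathLen == 0
	}
	return t
}

// Sign issues a certificate for tmpl under issuer (self-signed when issuer is nil).
// It checks no rights; that is Issue's job, and Verify is the relying party's backstop.
func Sign(tmpl *x509.Certificate, issuer *Certifier) (*Certifier, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	parent, signer := tmpl, priv
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Certifier{Cert: cert, Key: priv}, nil
}

// Holds reports whether this certifier was itself granted usage u.
func (p *Certifier) Holds(u x509.ExtKeyUsage) bool {
	for _, have := range p.Cert.ExtKeyUsage {
		if have == u || have == x509.ExtKeyUsageAny {
			return true
		}
	}
	return false
}

// Issue grants a subordinate certificate with rights bounded by this node's: a child
// certifier (isCA) gets one fewer level of delegation, and any subject only usages this node holds.
func (p *Certifier) Issue(name string, isCA bool, usages []x509.ExtKeyUsage) (*Certifier, error) {
	if isCA && p.Cert.MaxPathLenZero {
		return nil, fmt.Errorf("%s has no delegation depth left", p.Cert.Subject.CommonName)
	}
	for _, u := range usages {
		if !p.Holds(u) {
			return nil, fmt.Errorf("%s does not hold usage %v and cannot grant it", p.Cert.Subject.CommonName, u)
		}
	}
	return Sign(Template(name, isCA, p.Cert.MaxPathLen-1, usages), p)
}

// Verify validates a member certificate up to root for one usage. Go's verifier enforces
// MaxPathLen and requires every certifier on the path to hold the usage, so an
// overstepping certifier is rejected even if Issue's checks were bypassed.
func Verify(member, root *Certifier, intermediates []*Certifier, usage x509.ExtKeyUsage) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.Cert)
	for _, c := range intermediates {
		inter.AddCert(c.Cert)
	}
	_, err := member.Cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	root, _ := Sign(Template("HQ", true, 1, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), nil)
	child, _ := root.Issue("Unit A", true, root.Cert.ExtKeyUsage)
	member, _ := child.Issue("node-17", false, child.Cert.ExtKeyUsage)
	fmt.Println("member chain valid:", Verify(member, root, []*Certifier{child}, x509.ExtKeyUsageClientAuth) == nil)
}
```

The checks in Issue are the certifier-side policy (a child receives up to, never more than, the parent's rights); Verify is what a member node runs against the chain it receives, and it is the part that holds even if a certifier is compromised or misconfigured. Note that pathLenConstraint bounds only depth; usages the parent lacks are refused because Go's verifier requires every certificate on the path to permit the requested usage.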
It would be desirable to provide a system and/or method that provides one or more of these or other advantageous features. Other features and advantages will be made apparent from the present specification. The teachings disclosed extend to those embodiments which fall within the scope of the appended claims, regardless of whether they accomplish one or more of the aforementioned needs.